Security

(public)

User Story

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:8.0a1) Gecko/20110715 Firefox/8.0a1
Build ID: 20110715030758
Steps to reproduce:
Currently if a user wants to access passwords they have stored for a site, they're forced to use a desktop computer. Users should be able to access the password manager from the mobile UI either to copy password and use in a third-party application (i.e. twitter/facebook) or for matters whereby the password manager doesn't offer the password because the mobile site is on a sub-domain.

I may (or may not) have a look at writing an add-on on Monday night.
The process looks much simpler then working on the extensive C++ codebase.
Don't know if and how an add-on has access to this kind of information and if it can access the system-clipboard.

I have set up a dev environment and am starting to find my way around the code.
I already have the new menu item in settings and should have no problem doing the new dialog similar to how it looks on the desktop.
http://marcuswolschon.blogspot.de/2013/03/improving-firefox-for-android.html
But I could really need a mentor to teach me how to do:
* localisation,
* access to stored passwords/master password
* patch submission/review are done.
(Also your code seems to be mostly devoid of comments and the Java as well as the Android-resources part do not follow the canonical storage path conventions.)

(In reply to Marcus Wolschon from comment #9)
> I have set up a dev environment and am starting to find my way around the
> code.
> I already have the new menu item in settings and should have no problem
> doing the new dialog similar to how it looks on the desktop.
> http://marcuswolschon.blogspot.de/2013/03/improving-firefox-for-android.html
Awesome!
> But I could really need a mentor to teach me how to do:
> * localisation,
Localisation stuff is generally done by volunteers once the patch has landed. For strings in the Java code just add the English versions to strings.xml.in and android_strings.dtd (which you mention in your blog post).
> * access to stored passwords/master password
I'm not entirely sure, to be honest. I found some MasterPassword-related code in mobile/android/chrome/content/browser.js that was added by Wes, so I'm cc'ing him here and hopefully he can answer your questions better.
> * patch submission/review are done.
See https://developer.mozilla.org/en-US/docs/Mercurial_FAQ#How_can_I_generate_a_patch_for_somebody_else_to_check-in_for_me.3F
Follow those instructions to generate the patch, and then upload it as an attachment to this bug and set the review flag to '?' to get somebody to review it. Generally it's better to put somebody specific as a reviewer.
>
> (Also your code seems to be mostly devoid of comments and the Java as well
> as the Android-resources part do not follow the canonical storage path
> conventions.)
Yeah... fixing that is lower priority for us than other bugs so it keeps getting deferred.

Marcus: it might be helpful if you post in-progress patches for what you've got so far. We can take a look and see if you're on the right track. Also needinfo'in Wes, maybe he can provide some info on how to access the password storage data.

Note that nsILoginManager will be going async soon (bug 853549), and so any changes should probably take that into account (ie, ideally be easy to convert to the async API when it's available).
The desktop code for the management UI is in http://mxr.mozilla.org/mozilla-central/source/toolkit/components/passwordmgr/content/
It is... not great code. It hasn't really changed much since it was written eons ago. I don't know if it's at all useful or relevant for mobile (probably not). I'd actually be happy to jettison it all in favor of a modern version! (But I also wouldn't object to going with a simple mobile-only fix here. ;)